Website Hack Attempt ?

Discussion in 'Systems Administration' started by TheKillHD, May 22, 2017.

  1. Hello,

    Sorry for my English, I speak French.


    I was reading my error log and I saw this: https://hastebin.com/udonufefir.lua

    I would like to know if it was a hack attempt and how to fix that?


    Thanks!
     
  2. Yep, we run a handful of honeypots, and just by putting a server online, the IPv4 address gets probed.
    The question for you is: is it random and automated scripts just trying around the web, or are you specifically targeted?
     
  3. I did a /seen of the IP and it's the IP of a player ^^
     
  4. While this (hilariously!) turns out to be a player on your server, keep in mind that bots will regularly attempt this nonsense on any website they come across. Won't always be some player you upset (or didn't upset but wants to poke things).
     
  5. No. Someone is trying to search the web off for making the server part of a shell botnet
     
  6. Yup.

    That's why this is here:
    Code (Text):

    [core:error] [pid 18293] [client 88.120.109.58:56710] AH00126: Invalid URI in request GET /../../../../../../../../../../etc/passwd HTTP/1.1
     
  7. Maybe look into things like ufw to help close down your Linux box with a simple firewall (though, pls do properly configure it), and use fail2ban perhaps for some catching/auto-blocking stuff. And what helps with most 'bots' is to not have your obvious services on the default ports. SSH on 22 could easily be on 23456 or anything below 64k basically.
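
Added example, not posted by anyone in the thread: a small Python check that finds error-log entries like the one quoted in post 6 and counts them per client IP, which is the kind of tally a fail2ban-style blocker acts on. Apart from the quoted line, the sample log lines, the function names and the threshold are assumptions made up for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample: the first line is the one quoted in the thread, the
# rest are made up for this example (documentation-range IP addresses).
SAMPLE_LOG = """\
[core:error] [pid 18293] [client 88.120.109.58:56710] AH00126: Invalid URI in request GET /../../../../../../../../../../etc/passwd HTTP/1.1
[core:error] [pid 18294] [client 198.51.100.7:40122] AH00126: Invalid URI in request GET /../../../etc/shadow HTTP/1.1
[core:error] [pid 18294] [client 198.51.100.7:40123] AH00126: Invalid URI in request GET /cgi-bin/../../../../etc/passwd HTTP/1.1
[core:error] [pid 18301] [client 192.0.2.15:40100] AH00126: Invalid URI in request GET index.html HTTP/1.1
[authz_core:error] [pid 18301] [client 203.0.113.9:51000] AH01630: client denied by server configuration: /var/www/html/.git
""".splitlines()

# Client address (IPv4 or IPv6) plus the method and target of the rejected request.
AH00126 = re.compile(
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] AH00126: Invalid URI in request "
    r"(?P<method>\S+) (?P<target>\S+)"
)


def is_traversal(target):
    """True if the request path has a '..' segment, also when percent-encoded."""
    path = unquote(target).split("?", 1)[0].replace("\\", "/")
    return ".." in path.split("/")


def traversal_hits(lines):
    """Count AH00126 entries per client IP whose target climbs out with '..'."""
    hits = Counter()
    for line in lines:
        m = AH00126.search(line)
        if m and is_traversal(m.group("target")):
            hits[m.group("ip")] += 1
    return hits


def offenders(lines, max_retry=2):
    """IPs with at least max_retry hits (same idea as fail2ban's maxretry)."""
    return sorted(ip for ip, n in traversal_hits(lines).items() if n >= max_retry)


if __name__ == "__main__":
    for ip, n in traversal_hits(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} traversal probe(s)")
```
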